General

  • Target: 000de49e50cbca33b67d2304b57ac970N
  • Size: 88KB
  • Sample: 240826-fw1bgsydjr
  • MD5: 000de49e50cbca33b67d2304b57ac970
  • SHA1: fea919dceb7418ee3a56022fa3e27022f2f6964d
  • SHA256: 65478d25fdcccdb5f60e87f8883b20a7330d52b42797fa6a53656a53e3315ad1
  • SHA512: 716a92b398e2c6a8d36c5392c9c4e016e37ce411cd646919f6623f39883510a89895d26b0ad3a3d0b0eb89312c887abfd4cffc2ec774570e3a2c345b4f023cf5
  • SSDEEP: 1536:5Umx/OF4+Tn70osVgfiOb2oDNNKweyGDbnARHfo/CnMyOIdYx6UtE5JM:Z+T70dVgfiTxwC8g/CMybds65e

Malware Config

Extracted

  • Family: redline
  • Botnet: @saaatan666
  • C2: 188.68.202.228:48521

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

MITRE ATT&CK Enterprise v15

Tasks